From: Rakesh Malhotra
Subject: Re: VxWorks and safety related systems
Date: 1999/11/23
Message-ID: <383AF7E1.1D899F50@pop.safetran.com>
References: <382C2D36.C24AB060@gecm.com>
Newsgroups: comp.os.vxworks,comp.lang.ada

Hi

What kind of info are you looking for?

I have been developing safety systems for over 10 years and read through DEF STAN a long time ago; however, I work mostly in the railroad industry, which has its own set of standards. In Europe the most common is RIA-23 or the CENELEC one. These are a bit less stringent than DEF STAN, especially at the higher SIL levels. The railroad standards have SIL levels from 0 to 4. The systems I have worked on were SIL 3. However, I know several people who have worked on several SIL 4 systems. The systems were specified and designed very rigorously. This includes the use of a lot of common techniques, e.g. FTA, FMEA, SFMEA, Hazard Analysis etc. In addition, every single line of code had to be tested.

At SIL 3 or higher the use of an OS is _not_ recommended; hence we chose not to use any OS. The programming language used was Ada (1983) - I did the first system in 1990. Subsequently, I have done several more safety systems (> 3) and have used Ada in each of them _very_ successfully. If you are in the USA, some of these systems have been and are being done in the US. (I mention this only because software folks in the US seem to have some kind of aversion to Ada without even understanding what it is or having ever looked at it. They just feed off of each other's comments.)

At SIL 3 DEF STAN will probably recommend the use of a Static Code Analyser - the only ones I have used are SPADE and SPARK (the first is for Pascal, the 2nd for Ada). These are sold by Praxis Systems in the UK - check out www.praxis.com. I do not think that there is such a thing for C, C++ or Java. (As an aside, I have also developed and am developing high integrity systems in C, C++. If for some reason you choose to use these languages, it helps to use a tool like PC-Lint - this tool should actually be used for all projects, but should be mandatory for high integrity ones.)

Again, if you want more info, send me email and I will try to help, or if you are in the US we can talk on the phone.

Rakesh

Comments are my own and do not reflect the views of my company.

David H Smith wrote:
>
> I'm looking for info on projects that have used VxWorks in safety
> related systems. For those of you aware of Defstan 00-56, I'm talking
> about SIL 3 systems.
>
> Dave Smith